The Vulnerabilities of Missing HTTP and Secure Flags, and also Fixing
Hi Heckerss!! πββοΈ
Letβs Startβ¦! the blog directlyβ¦
Description:
1. π HTTP (Hypertext Transfer Protocol):
HTTP (Hypertext Transfer Protocol) is a fundamental protocol used for transmitting data over the internet. It acts as a set of rules and conventions that allow web browsers and web servers to communicate and exchange information.
2. π Secure:
The βSecureβ flag, when set for a cookie, ensures that the cookie is only sent over secure, encrypted connections using HTTPS, making it more resistant to interception and enhancing web application security.
Impact:
- π΅οΈββοΈ Data Interception
- π΅οΈββοΈ Man-in-the-Middle (MitM) Attacks
- π· Session Hijacking
- πͺ Cookie Theft
- π Cross-Site Scripting (XSS) Attacks
Without HTTPS and Secure Flags, cookies and sensitive data transmitted over unencrypted connections become prime targets for XSS attacks. Attackers can inject malicious scripts into web pages, compromising user data and potentially taking control of accounts. The absence of Secure Flags can make it easier for attackers to steal cookies containing session information and carry out XSS attacks more effectively.
I think the theory is too boring π₯²
Letβs start with the practical one π
First, we have to understand what will happen without the HTTP and secure flags.
Now Implement the both HTTP and Secure flags in the cookie
setcookie("username", $userInput, time() + 3600, "/", "", false, false);- π·οΈ
"username": This is the name of the cookie you're setting. In this case, it's named "username." - π¬
$userInput: This is the value you want to assign to the "username" cookie. It appears that you're using the$userInputvariable as the value, which means the value of the cookie will be based on the user's input. - β³
time() + 3600: This sets the expiration time for the cookie. In this example, the cookie will expire in 3600 seconds (1 hour) from the current time. - π
"/": The path parameter specifies the scope of the cookie. Here, it's set to "/", meaning the cookie is available for the entire domain. - π
""(empty string): The domain parameter typically specifies the domain where the cookie is valid. An empty string means it's valid for the current domain. - π
false: The secure parameter determines whether the cookie should only be transmitted over secure HTTPS connections. Here, it's set tofalse, meaning the cookie can be sent over both HTTP and HTTPS connections. - π«
false: The httpOnly parameter is used to restrict cookie access to JavaScript. Setting it tofalseallows JavaScript to access the cookie, which is the default behavior.
Note: 1 and 2 depend on the application.
Set HTTP and Secure flag as TRUE
setcookie("username", $userInput, time() + 3600, "/", "", true, true);- π
true: The secure parameter determines whether the cookie should only be transmitted over secure HTTPS connections. Here, it's set totrue, meaning the cookie will only be sent over HTTPS. - π«
true: The httpOnly parameter is used to restrict cookie access to JavaScript. Setting it totruemeans JavaScript won't have access to the cookie, enhancing security.
Let's see the response π
Okayβ¦ will see in the next blog ππββοΈ.
Happy Huntingβ¦.!
Reach out to me, If you have any queries π€
π LinkedIn: Abinesh M
π± Instagram: Abi_Hecker
